Dcc exploit catcher

By _dead on Jan 30, 2007

/debug -i NUL DCCWorkaround

alias DCCWorkaround {
  if ($regex($1, /^<- :([^!]*)![^@]*@[^ ]*\s*PRIVMSG\s*(\S*)\s*:\001\s*DCC\s*(SEND|RESUME).*"(?:[^" ]*\s){32}.*$/i)) {
    var %nick = $regml(1), %type = $regml(3)
    .ignore -tdu60 *
    set %a $comchan(%nick,0)
    if (%a > 0) {
      if ($me isop $comchan(%nick,%a)) {
         ban -ku600 $comchan(%nick,%a) %nick DCC %type Exploit detected, banned 10mins. | dec %a | goto 1 
      if ($me !isop $comchan(%nick,%a)) { dec %a | goto 1 }
    if (%a = 0) { unset %a | halt }
on *:start:.debug -i NUL DCCWorkaround 


Sign in to comment.
jaytea   -  Mar 11, 2007

that\'s not the same DCC issue that this detects.

this deals with a specific exploit in mirc that was around in earlier 6.xx versions. if you understood the code you\'d realize what it\'s checking ;>

F*U*R*B*Y*   -  Mar 10, 2007

not all, jaytea, if your the same jaytea that goes on SwiftIRC and EuphoriaIRC if you type DCC SEND djhsdjfkhgjkdfhjgkhasdf in the channel, Fear drops and so does many others..... great if Fear really annoys you :P

RoninWarrior   -  Jan 30, 2007

I thought the dcc exsploit was fixed already?

RussellReal   -  Jan 30, 2007

Jaytea ftw lol

jaytea   -  Jan 30, 2007

looks to be a modified version of a piece of Olathe\'s DCC exploit fix, one version of which is at http://www.bluetack.co.uk/forums/index.php?showtopic=2844

you really should give credit to your sources :P although you are a couple of years late, this vulnerability has long since been corrected

Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.